Win32/Regil [Threat Name] go to Threat

Win32/Regil.AZ [Threat Variant Name]

Category trojan
Size 59779 B
Detection created May 21, 2015
Detection database version 11663
Aliases Win32:Agent-ASCN (Avast)
  TR/Downloader.Gen2 (Avira)
Short description

Win32/Regil.AZ serves as a backdoor. It can be controlled remotely. The file is run-time compressed using NSPack .

Installation

The trojan does not create any copies of itself.


The trojan is usually a part of other malware with name Win32/Regil.BC .

Information stealing

The trojan collects the following information:

  • computer IP address
  • installed antivirus software
  • screenshots
  • operating system version

The trojan attempts to send gathered information to a remote machine.

Other information

The trojan acquires data and commands from a remote computer or the Internet.


The malware configuration is passed as command line parameters when the malware executable is launched. The HTTP protocol is used in the communication.


It may perform the following actions:

  • download files from a remote computer and/or the Internet
  • run executable files
  • send files to a remote computer
  • extract RAR archive
  • various file system operations
  • execute shell commands
  • set up a proxy server
  • log keystrokes
  • send gathered information

Please enable Javascript to ensure correct displaying of this content and refresh this page.